Port scans

Discussion in 'Computers' started by Carl Miller, Nov 27, 2005.

  1. Carl Miller

    Carl Miller Screenwriter

    Joined:
    Mar 17, 2002
    Messages:
    1,461
    Likes Received:
    0
    So for 4 days now, 6-8 times per day, my Sygate firewall is showing an alert:

    "Somebody is scanning your computer.
    Your computer's UDP ports:
    1029, 1031, 1032, and 1030 have been scanned from 221.10.224.253.."

    The firewall blocks this every time, so nothing is actually happening, but it's getting annoying. The IP backtraces to some communications company in China..

    I made no changes to my computer and don't really understand why this is happening all of a sudden, and why it's so constant over the last 4 days.

    Sygate makes a good product, but support is lacking, so I'm hoping someone here may know about this stuff...What is this exactly, and is there anything I can do to stop it?
     
  2. Jason Kirkpatri

    Jason Kirkpatri Second Unit

    Joined:
    Jan 6, 2002
    Messages:
    389
    Likes Received:
    0
    I wouldn't be too worried about it. Your firewall stops anything from happening and that's the important thing.

    I liken it to a bunch of kids running around the neighborhood knocking on everyone's doors...annoying but not serious.
     
  3. JeremyErwin

    JeremyErwin Producer

    Joined:
    Feb 11, 2001
    Messages:
    3,218
    Likes Received:
    0
    That's... interesting...

    I pulled up ipfw.log and found these entries;


    odd, isn't it?
     
  4. Carl Miller

    Carl Miller Screenwriter

    Joined:
    Mar 17, 2002
    Messages:
    1,461
    Likes Received:
    0
    Thanks Jason. I'm really not worried about it, but I've never seen anything like this before because it's so constant. I usually get a couple of random port scans each week, but nothing like this.

    Jeremy, that's very weird! Same exact thing.

    Here's the whois output on that IP....blacklisted for spam apparently. I don't get this.
     
  5. Tekara

    Tekara Supporting Actor

    Joined:
    Jan 8, 2003
    Messages:
    783
    Likes Received:
    0
    With how powerful the standard desktop is virii like to use the excess for port scanning the internet and brute forcing passwords. As long as you've got some protection you should be good.
     
  6. Mike_J_Potter

    Mike_J_Potter Second Unit

    Joined:
    Dec 26, 2003
    Messages:
    262
    Likes Received:
    0


    Agreed it is most likely a infected PC somewhere within that company. Or if since you mentioned that the IP is blacklisted for spam they may be looking for open mail relays, or the pc also had a relay installed on it when it was comprised.
     
  7. Carl Miller

    Carl Miller Screenwriter

    Joined:
    Mar 17, 2002
    Messages:
    1,461
    Likes Received:
    0
    Thanks guys! What you said makes sense. Glad I have my firewall, that's for sure.
     

Share This Page